Configuring 802.1x, Configuration prerequisites, 1x configuration task list – H3C Technologies H3C S12500-X Series Switches User Manual
Page 82

70
2B
Configuring 802.1X
This chapter describes how to configure 802.1X on an H3C device. You can also configure the port
security feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication.
It applies to a network, a WLAN, for example, that requires different authentication methods for different
users on a port. It is described in "
760H
Configuring port security
."
35B
H3C implementation of 802.1X
H3C implements port-based access control as defined in the 802.1X protocol, and extends the protocol
to support MAC-based access control.
•
Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent
user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.
•
MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
no other online users are affected.
36B
Configuration prerequisites
•
Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
•
If RADIUS authentication is used, create user accounts on the RADIUS server.
•
If local authentication is used, create local user accounts on the access device and set the service
type to lan-access.
For more information about RADIUS client and local EAP authentication configuration, see "
761H
Configuring
AAA
."
37B
802.1X configuration task list
Tasks at a glance
(Required.)
762H
Enabling 802.1X
(Required.)
763H
Enabling EAP relay or EAP termination
(Optional.)
764H
Setting the port authorization state
(Optional.)
765H
Specifying an access control method
(Optional.)
766H
Setting the maximum number of concurrent 802.1X users on a port
(Optional.)
767H
Setting the maximum number of authentication request attempts
(Optional.)
768H
Setting the 802.1X authentication timeout timers
(Optional.)
769H
Configuring the online user handshake function
(Optional.)
770H
Configuring the authentication trigger function
(Optional.)
771H
Specifying a mandatory authentication domain on a port
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches